Svetoslav | 976e8bd | 2014-07-16 15:12:03 -0700 | [diff] [blame] | 1 | /* |
| 2 | * Copyright (C) 2014 The Android Open Source Project |
| 3 | * |
| 4 | * Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | * you may not use this file except in compliance with the License. |
| 6 | * You may obtain a copy of the License at |
| 7 | * |
| 8 | * http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | * |
| 10 | * Unless required by applicable law or agreed to in writing, software |
| 11 | * distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | * See the License for the specific language governing permissions and |
| 14 | * limitations under the License. |
| 15 | */ |
| 16 | |
| 17 | package android.app.admin; |
| 18 | |
Pavel Grafov | 2893998 | 2017-10-03 15:11:52 +0100 | [diff] [blame] | 19 | import android.annotation.UserIdInt; |
kholoud mohamed | 946df39 | 2019-12-12 17:43:32 +0000 | [diff] [blame] | 20 | import android.content.ComponentName; |
Sudheer Shanka | 7a9c34b | 2016-03-11 12:25:51 -0800 | [diff] [blame] | 21 | import android.content.Intent; |
kholoud mohamed | 946df39 | 2019-12-12 17:43:32 +0000 | [diff] [blame] | 22 | import android.os.UserHandle; |
Suprabh Shukla | 8bea73e | 2016-03-09 13:01:18 -0800 | [diff] [blame] | 23 | |
Svetoslav | 976e8bd | 2014-07-16 15:12:03 -0700 | [diff] [blame] | 24 | import java.util.List; |
kholoud mohamed | 946df39 | 2019-12-12 17:43:32 +0000 | [diff] [blame] | 25 | import java.util.Set; |
Svetoslav | 976e8bd | 2014-07-16 15:12:03 -0700 | [diff] [blame] | 26 | |
| 27 | /** |
| 28 | * Device policy manager local system service interface. |
| 29 | * |
Varun Shah | b472b8f | 2019-09-23 23:01:06 -0700 | [diff] [blame] | 30 | * Maintenance note: if you need to expose information from DPMS to lower level services such as |
| 31 | * PM/UM/AM/etc, then exposing it from DevicePolicyManagerInternal is not safe because it may cause |
| 32 | * lock order inversion. Consider using {@link DevicePolicyCache} instead. |
| 33 | * |
Svetoslav | 976e8bd | 2014-07-16 15:12:03 -0700 | [diff] [blame] | 34 | * @hide Only for use within the system server. |
| 35 | */ |
| 36 | public abstract class DevicePolicyManagerInternal { |
| 37 | |
| 38 | /** |
Svet Ganov | 6bd7025 | 2014-08-20 09:47:47 -0700 | [diff] [blame] | 39 | * Listener for changes in the white-listed packages to show cross-profile |
| 40 | * widgets. |
| 41 | */ |
| 42 | public interface OnCrossProfileWidgetProvidersChangeListener { |
| 43 | |
| 44 | /** |
| 45 | * Called when the white-listed packages to show cross-profile widgets |
| 46 | * have changed for a given user. |
| 47 | * |
| 48 | * @param profileId The profile for which the white-listed packages changed. |
| 49 | * @param packages The white-listed packages. |
| 50 | */ |
| 51 | public void onCrossProfileWidgetProvidersChanged(int profileId, List<String> packages); |
| 52 | } |
| 53 | |
| 54 | /** |
Svetoslav | 976e8bd | 2014-07-16 15:12:03 -0700 | [diff] [blame] | 55 | * Gets the packages whose widget providers are white-listed to be |
| 56 | * available in the parent user. |
| 57 | * |
Makoto Onuki | 2670495 | 2016-06-13 14:50:11 -0700 | [diff] [blame] | 58 | * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. |
| 59 | * |
Svetoslav | 976e8bd | 2014-07-16 15:12:03 -0700 | [diff] [blame] | 60 | * @param profileId The profile id. |
| 61 | * @return The list of packages if such or empty list if there are |
| 62 | * no white-listed packages or the profile id is not a managed |
| 63 | * profile. |
| 64 | */ |
| 65 | public abstract List<String> getCrossProfileWidgetProviders(int profileId); |
Svet Ganov | 6bd7025 | 2014-08-20 09:47:47 -0700 | [diff] [blame] | 66 | |
| 67 | /** |
| 68 | * Adds a listener for changes in the white-listed packages to show |
| 69 | * cross-profile app widgets. |
| 70 | * |
Makoto Onuki | 2670495 | 2016-06-13 14:50:11 -0700 | [diff] [blame] | 71 | * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. |
| 72 | * |
Svet Ganov | 6bd7025 | 2014-08-20 09:47:47 -0700 | [diff] [blame] | 73 | * @param listener The listener to add. |
| 74 | */ |
| 75 | public abstract void addOnCrossProfileWidgetProvidersChangeListener( |
| 76 | OnCrossProfileWidgetProvidersChangeListener listener); |
Zoltan Szatmary-Ban | 1181ed8 | 2015-02-23 17:20:20 +0000 | [diff] [blame] | 77 | |
| 78 | /** |
| 79 | * Checks if an app with given uid is an active device admin of its user and has the policy |
| 80 | * specified. |
Makoto Onuki | 2670495 | 2016-06-13 14:50:11 -0700 | [diff] [blame] | 81 | * |
| 82 | * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. |
| 83 | * |
Zoltan Szatmary-Ban | 1181ed8 | 2015-02-23 17:20:20 +0000 | [diff] [blame] | 84 | * @param uid App uid. |
| 85 | * @param reqPolicy Required policy, for policies see {@link DevicePolicyManager}. |
| 86 | * @return true if the uid is an active admin with the given policy. |
| 87 | */ |
| 88 | public abstract boolean isActiveAdminWithPolicy(int uid, int reqPolicy); |
Suprabh Shukla | d045252 | 2016-03-02 14:33:10 -0800 | [diff] [blame] | 89 | |
| 90 | /** |
Varun Shah | b472b8f | 2019-09-23 23:01:06 -0700 | [diff] [blame] | 91 | * Checks if an app with given uid is the active supervision admin. |
| 92 | * |
| 93 | * <p>This takes the DPMS lock. DO NOT call from PM/UM/AM with their lock held. |
| 94 | * |
| 95 | * @param uid App uid. |
| 96 | * @return true if the uid is the active supervision app. |
| 97 | */ |
| 98 | public abstract boolean isActiveSupervisionApp(int uid); |
| 99 | |
| 100 | /** |
Nicolas Prevot | 709a63d | 2016-06-09 13:14:00 +0100 | [diff] [blame] | 101 | * Creates an intent to show the admin support dialog to say that an action is disallowed by |
| 102 | * the device/profile owner. |
Sudheer Shanka | 7a9c34b | 2016-03-11 12:25:51 -0800 | [diff] [blame] | 103 | * |
Makoto Onuki | 2670495 | 2016-06-13 14:50:11 -0700 | [diff] [blame] | 104 | * <p>This method does not take the DPMS lock. Safe to be called from anywhere. |
Nicolas Prevot | 709a63d | 2016-06-09 13:14:00 +0100 | [diff] [blame] | 105 | * @param userId The user where the action is disallowed. |
| 106 | * @param useDefaultIfNoAdmin If true, a non-null intent will be returned, even if we couldn't |
| 107 | * find a profile/device owner. |
Sudheer Shanka | 7a9c34b | 2016-03-11 12:25:51 -0800 | [diff] [blame] | 108 | * @return The intent to trigger the admin support dialog. |
| 109 | */ |
Nicolas Prevot | 709a63d | 2016-06-09 13:14:00 +0100 | [diff] [blame] | 110 | public abstract Intent createShowAdminSupportIntent(int userId, boolean useDefaultIfNoAdmin); |
| 111 | |
| 112 | /** |
| 113 | * Creates an intent to show the admin support dialog showing the admin who has set a user |
| 114 | * restriction. |
| 115 | * |
| 116 | * <p>This method does not take the DPMS lock. Safe to be called from anywhere. |
| 117 | * @param userId The user where the user restriction is set. |
| 118 | * @return The intent to trigger the admin support dialog, or null if the user restriction is |
| 119 | * not enforced by the profile/device owner. |
| 120 | */ |
| 121 | public abstract Intent createUserRestrictionSupportIntent(int userId, String userRestriction); |
Benjamin Franz | dabae88 | 2017-08-08 12:33:19 +0100 | [diff] [blame] | 122 | |
| 123 | /** |
| 124 | * Returns whether this user/profile is affiliated with the device. |
| 125 | * |
| 126 | * <p> |
| 127 | * By definition, the user that the device owner runs on is always affiliated with the device. |
| 128 | * Any other user/profile is considered affiliated with the device if the set specified by its |
| 129 | * profile owner via {@link DevicePolicyManager#setAffiliationIds} intersects with the device |
| 130 | * owner's. |
| 131 | * <p> |
| 132 | * Profile owner on the primary user will never be considered as affiliated as there is no |
| 133 | * device owner to be affiliated with. |
| 134 | */ |
| 135 | public abstract boolean isUserAffiliatedWithDevice(int userId); |
Pavel Grafov | 2893998 | 2017-10-03 15:11:52 +0100 | [diff] [blame] | 136 | |
| 137 | /** |
Rubin Xu | fd4a3b4 | 2018-12-05 16:03:27 +0000 | [diff] [blame] | 138 | * Returns whether the calling package can install or uninstall packages without user |
| 139 | * interaction. |
| 140 | */ |
| 141 | public abstract boolean canSilentlyInstallPackage(String callerPackage, int callerUid); |
| 142 | |
| 143 | /** |
Pavel Grafov | 2893998 | 2017-10-03 15:11:52 +0100 | [diff] [blame] | 144 | * Reports that a profile has changed to use a unified or separate credential. |
| 145 | * |
| 146 | * @param userId User ID of the profile. |
| 147 | */ |
| 148 | public abstract void reportSeparateProfileChallengeChanged(@UserIdInt int userId); |
Andrew Scull | 1416bd0 | 2018-01-05 18:33:58 +0000 | [diff] [blame] | 149 | |
| 150 | /** |
Vladislav Kuzkokov | fef75ee | 2018-01-22 23:37:14 +0100 | [diff] [blame] | 151 | * Return text of error message if printing is disabled. |
| 152 | * Called by Print Service when printing is disabled by PO or DO when printing is attempted. |
| 153 | * |
| 154 | * @param userId The user in question |
| 155 | * @return localized error message |
| 156 | */ |
| 157 | public abstract CharSequence getPrintingDisabledReasonForUser(@UserIdInt int userId); |
Makoto Onuki | 04ef447 | 2018-03-12 17:29:49 -0700 | [diff] [blame] | 158 | |
| 159 | /** |
| 160 | * @return cached version of DPM policies that can be accessed without risking deadlocks. |
| 161 | * Do not call it directly. Use {@link DevicePolicyCache#getInstance()} instead. |
| 162 | */ |
| 163 | protected abstract DevicePolicyCache getDevicePolicyCache(); |
Rubin Xu | 0f1e56d | 2019-08-23 13:34:25 +0100 | [diff] [blame] | 164 | |
| 165 | /** |
| 166 | * @return cached version of device state related to DPM that can be accessed without risking |
| 167 | * deadlocks. |
| 168 | * Do not call it directly. Use {@link DevicePolicyCache#getInstance()} instead. |
| 169 | */ |
| 170 | protected abstract DeviceStateCache getDeviceStateCache(); |
kholoud mohamed | 946df39 | 2019-12-12 17:43:32 +0000 | [diff] [blame] | 171 | |
| 172 | /** |
| 173 | * Returns the combined set of the following: |
| 174 | * <ul> |
| 175 | * <li>The package names that the admin has previously set as allowed to request user consent |
| 176 | * for cross-profile communication, via {@link |
| 177 | * DevicePolicyManager#setCrossProfilePackages(ComponentName, Set)}.</li> |
| 178 | * <li>The default package names that are allowed to request user consent for cross-profile |
| 179 | * communication without being explicitly enabled by the admin , via {@link |
| 180 | * DevicePolicyManager#setDefaultCrossProfilePackages(ComponentName, UserHandle, Set)}.</li> |
| 181 | * </ul> |
| 182 | * |
| 183 | * @return the combined set of whitelisted package names set via |
| 184 | * {@link DevicePolicyManager#setCrossProfilePackages(ComponentName, Set)} and |
| 185 | * {@link DevicePolicyManager#setDefaultCrossProfilePackages(ComponentName, UserHandle, Set)} |
| 186 | * |
| 187 | * @hide |
| 188 | */ |
| 189 | public abstract List<String> getAllCrossProfilePackages(); |
Svetoslav | 976e8bd | 2014-07-16 15:12:03 -0700 | [diff] [blame] | 190 | } |